Ptrick125, posted March 15, 2014

Some ASP.NET websites use a system that prevents other websites from performing actions on your behalf. Inside the HTML, it generates a hidden token, and when you post your message, submit something, etc., it sends your token to verify that.

This can be tricky for the HTTP Post plugin because it requires a token each time. Without a token, it is impossible to use the HTTP Post plugin on the website, and that's where I gave up before I did some more research.

Since the website gives the token to you in the HTML, you can easily use HTTP GET to download the webpage. Once you download the webpage, you can use regex to isolate the token. After the token is isolated, you simply HTTP POST your newly found token.

http://i.gyazo.com/2fbd33570dcb1230a0ab370dca34b289.png

That is what the code looks like from our browser's point of view. It's hidden, but it has a value.

The regex:

(?<=RequestVerificationToken\"\ type\=\"hidden\"\ value\=\")[a-zA-Z0-9-_]+(?=\")

would isolate the token.

__RequestVerificationToken=bgUgVEQgh0yFCZ5wrJ1eQJm7dch7_IMAK065xt1tHX9874IuF6Gwcp1aiFncmQainpWnkaGFJ587YmFQT9FywyT2Z5TFw9SLX4dlcyjNUQteDpI2tAvIkwPT4e-z2tqwj-jHDMD8ZrqdYeFgQgi5gfvZjJg1&id=1061227

If the token's value was bgUgVEQgh0yFCZ5wrJ1eQJm7dch7_IMAK065xt1tHX9874IuF6Gwcp1aiFncmQainpWnkaGFJ587YmFQT9FywyT2Z5TFw9SLX4dlcyjNUQteDpI2tAvIkwPT4e-z2tqwj-jHDMD8ZrqdYeFgQgi5gfvZjJg1, that is the POST.

http://www.asp.net/web-api/overview/security/preventing-cross-site-request-forgery-(csrf)-attacks

That link gives a good description from the webmaster's point of view.

If you have any questions (you probably will), feel free to ask! If you don't deal with any ASP.NET websites, this is all new to you, but if you deal with some of the higher security sites, you may have had this issue.
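The GET, isolate, POST sequence described in the post above, as an added example that is not part of the original post: it pulls the hidden field out with an HTML parser instead of the regex, so it still works when the `name`, `type` and `value` attributes appear in a different order. The sample HTML and token value are constructed, and the class and function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode

FIELD = "__RequestVerificationToken"  # field name shown in the post

# Constructed sample page; the token value is a placeholder, not a real token.
SAMPLE_HTML = """
<form action="/vote" method="post">
  <input name="__RequestVerificationToken" type="hidden" value="CONSTRUCTED-token_123" />
  <input type="text" name="id" />
</form>
"""


class TokenFinder(HTMLParser):
    """Records the value of the first hidden anti-forgery input on the page."""

    def __init__(self):
        super().__init__()
        self.token = None

    def handle_starttag(self, tag, attrs):
        if tag != "input" or self.token is not None:
            return
        a = dict(attrs)  # attribute order no longer matters
        if a.get("name") == FIELD and (a.get("type") or "").lower() == "hidden":
            self.token = a.get("value")


def extract_token(html):
    """Return the token string, or None when the page carries no token."""
    finder = TokenFinder()
    finder.feed(html)
    return finder.token


def build_post_body(html, fields):
    """Form-encode the token plus the remaining fields, as in the post's example body."""
    token = extract_token(html)
    if not token:
        raise ValueError("no anti-forgery token found in the downloaded page")
    return urlencode({FIELD: token, **fields})


if __name__ == "__main__":
    print(build_post_body(SAMPLE_HTML, {"id": 1061227}))
```

ASP.NET pairs the form token with a token cookie set on the same response, so the GET and the POST have to go through one client that keeps its cookies; a token lifted from a different session is rejected.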

the_way, posted March 16, 2014

Magic effort, great share Patrick

heyyoad, posted November 17, 2014

Hey Patrick. Can you add me on Skype? (yoadfekete) I want to consult you on how to do the GET and the parse thing for the CSRF. I'd appreciate it very much.